Analysis of MD5 encryption

Others 2020-04-14 11:53:09 views: null

Article Directory

The concept of MD5 encryption

MD5 encryption is a commonly used information digest algorithm, mainly used to ensure data consistency and signature verification. It is an irreversible encryption algorithm.

MD5 encryption is to encrypt any byte array into 32 bytes of data, and then they are represented as 32-bit hexadecimal numbers in form.

Simple use of MD5 encryption

Let's take a look at the simple application of MD5 encryption on Java.

Java has helped us achieve MD5 encryption, we only need to call the system function to achieve it. The calling sequence is as follows:

first step

Get MD5 encrypted objects:

try {
    messagedigest = MessageDigest.getInstance("MD5");
} catch (NoSuchAlgorithmException nsaex) {
    System.err.println(MD5Util.class.getName() + "初始化失败,MessageDigest不支持MD5Util。");
    nsaex.printStackTrace();
}
Second step

Incoming data to be encrypted:

byte[] secretBytes = messagedigest.digest(str.getBytes());

The encrypted data can also be transferred in batches:

InputStream fis;
fis = new FileInputStream(file);
byte[] buffer = new byte[1024];
int numRead = 0;
while ((numRead = fis.read(buffer)) > 0) {
    messagedigest.update(buffer, 0, numRead);
}
fis.close();
byte[] secretBytes = messagedigest.digest();

The returned byte array is an array of length 16.

third step

Convert the encrypted byte array to the MD5 encryption we usually see:

protected static char hexDigits[] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};


private static String bufferToHex(byte bytes[], int m, int n) {
    StringBuffer stringbuffer = new StringBuffer(2 * n);
    int k = m + n;
    for (int l = m; l < k; l++) {
        appendHexPair(bytes[l], stringbuffer);
    }
    return stringbuffer.toString();
}

private static void appendHexPair(byte bt, StringBuffer stringbuffer) {
    char c0 = hexDigits[(bt & 0xf0) >>> 4];// 取字节中高 4 位的数字转换
    char c1 = hexDigits[bt & 0xf];// 取字节中低 4 位的数字转换
    stringbuffer.append(c0);
    stringbuffer.append(c1);
}

In this way, the encrypted string is obtained.

Note that we usually see another way to convert byte into an encrypted string, which is to use the BigInteger class:

String md5code = new BigInteger(1, secretBytes).toString(16);

But there is a problem with this way of writing, that is, if the highest digit of the string after encryption is 0, it will be omitted:

String str = new BigInteger(1, new byte[]{0, 16}).toString(16);
System.out.println(str);
//输出10

So the correct way to use BigInteger is as follows:

String md5code = new BigInteger(1, secretBytes).toString(16);
for (int i = 0; i < 32 - md5code.length(); i++) {
    md5code = "0" + md5code;
}

The above is a simple implementation of MD5 in Java.

Practical scenarios of MD5 encryption

Let's take a look at the application scenarios of MD5 encryption.

Since MD5 is irreversible, it is not suitable for some encrypted transmission and then decrypted at the other end. It is mainly used for hiding information and ensuring data consistency.

Below we give a few specific scenarios that use MD5 encryption.

user password

The user's password is very sensitive data. When it is transmitted or stored, if it is directly used in plain text, it will cause hidden security risks.

For example, the plaintext exists locally on the client. After the client is cracked by root, the file can be directly obtained to find the password. The password in the server database also has the risk of getting the password after the server is cracked, and the password can be seen by the background management personnel. In the course of transmission, if DNS hijacking occurs, the password can also be obtained.

Therefore, if the password is transmitted and stored, it is better to use MD5 encryption. The client and the server compare the encrypted strings, and if they match, the password is verified.

Interface signature

If the network interface is not restricted, either party can call the interface and implement some services, which will bring great security risks. To avoid this situation, you can choose to add a signature parameter to the interface.

For example, for the network interface https://wanandroid.com/wxarticle/chapters/json, if you add another signature parameter sign, his value will be "be happy" + full path MD5 signed string, and then received in the background After the request, verify the signature to prevent malicious calls from third parties.

File consistency check

The file is damaged during the transmission process. MD5 can be used to verify the file consistency.

For example, when the client downloads a large file, a breakpoint continuation mechanism is generally used. Then a scenario is required: after a part of the file is downloaded, the download is terminated, and then the server's file is updated during this period. When the client downloads here, the downloaded file is problematic, so an error will occur if the verification is not performed, and if the server sends a file, it also sends an MD5 value, and the client downloads After checking the MD5 value of the downloaded file and the MD5 value issued by the server, delete the file and download it again to avoid this situation.

Security and cracking of MD5 encryption

Taking encrypted passwords as an example, because MD5 encryption is irreversible, and the similarity between encrypted strings is not related to the original string, the original string cannot be corrected by comparing the familiarity of the encrypted string, so the cracking of MD5 is generally It is based on brute force cracking, and the result of MD5 encryption is 16 to 32 powers. If you want to brute force crack such a large amount of data, the current computer cannot do it, so the security of MD5 is very high in the conventional sense.

So how is the MD5 password cracking now popular on the market? This is because the passwords set by most people are relatively simple, generally pure numbers or English plus numbers, etc., so when brute force cracking, do not try step by step, directly encrypt with common passwords to compare, just Can reduce a lot of calculation, so as to achieve the purpose of cracking.

In order to combat this situation and protect the user's password information, you can add some common prefixes and suffixes to the user's password. For example, the user sets the password to 123456. If the encrypted string is obtained, it will be easily hit by the library Crack, but we manually add the prefix and suffix, use abc123456xyz , so the probability of being cracked will be much lower.

Star laughter _
Published 19 original articles · praised 8 · visits 4041
Private letter concerns

Guess you like

Origin blog.csdn.net/u014068277/article/details/103115288
Recommended
Ranking
error: (-215:Assertion failed) !_img.empty() in function ‘cv::imwrite‘
Database migration between Navicat servers
Minimum number of rotation of the array: Array
balenaEtcher for mac (make a boot disk software) v1.5.67
Custom processing serialization and deserialization in jackson
Mu-en-mask system development software
Mastering Regular Expressions
Find mileage Java--
Web pages can not directly concern the public micro-channel number how to do? A key to arouse public concern number of micro-channel solutions
[CodeForces - 739B] Alyona and a tree Tree + [difference] + bipartite
Daily
More
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)

Code World

© 2018 codetd.com